diff options
Diffstat (limited to 'lib/Travelynx/Model')
-rw-r--r-- | lib/Travelynx/Model/Users.pm | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/lib/Travelynx/Model/Users.pm b/lib/Travelynx/Model/Users.pm index e465ee1..7b95efd 100644 --- a/lib/Travelynx/Model/Users.pm +++ b/lib/Travelynx/Model/Users.pm @@ -8,6 +8,7 @@ use strict; use warnings; use 5.020; +use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); use DateTime; use JSON; @@ -61,6 +62,14 @@ sub new { return bless( \%opt, $class ); } +sub hash_password { + my ( $self, $password ) = @_; + my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); + my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); + + return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt ); +} + sub get_token_id { my ( $self, $type ) = @_; @@ -471,7 +480,7 @@ sub add { my $user_name = $opt{name}; my $email = $opt{email}; my $token = $opt{token}; - my $password = $opt{password_hash}; + my $password = $self->hash_password( $opt{password} ); # This helper must be called during a transaction, as user creation # may fail even after the database entry has been generated, e.g. if @@ -577,11 +586,11 @@ sub delete { return \%res; } -sub set_password_hash { +sub set_password { my ( $self, %opt ) = @_; my $db = $opt{db} // $self->{pg}->db; my $uid = $opt{uid}; - my $password = $opt{password_hash}; + my $password = $self->hash_password( $opt{password} ); $db->update( 'users', { password => $password }, { id => $uid } ); } |